Vulnerability Details CVE-2025-0289
Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.5%
CVSS Severity
CVSS v3 Score 7.8
Products affected by CVE-2025-0289
-
cpe:2.3:a:paragon-software:paragon_backup_&_recovery:*
-
cpe:2.3:a:paragon-software:paragon_disk_wiper:*
-
cpe:2.3:a:paragon-software:paragon_drive_copy:*
-
cpe:2.3:a:paragon-software:paragon_hard_disk_manager:*
-
cpe:2.3:a:paragon-software:paragon_migrate_os_to_ssd:*
-
cpe:2.3:a:paragon-software:paragon_partition_manager:*